From 82b3606cdde60c14999ab5902871a883d4af086f Mon Sep 17 00:00:00 2001 From: Abdel Date: Sun, 31 Oct 2021 00:22:38 +0200 Subject: [PATCH 1/2] case-insensitive-search-features-for-do_find_str --- src/strings.bif | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 0d3812f267..f4d20dc2cb 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -1145,7 +1145,7 @@ function count_substr%(str: string, sub: string%) : count %%{ -static int64_t do_find_str(zeek::StringVal* str, zeek::StringVal* sub, int64_t start, int64_t end, bool rfind) +static int64_t do_find_str(zeek::StringVal* str, zeek::StringVal* sub, int64_t start, int64_t end, bool rfind, bool case_sensitive) { // Don't bother if the start is after the end of the string. if ( start > str->Len() ) @@ -1168,11 +1168,19 @@ static int64_t do_find_str(zeek::StringVal* str, zeek::StringVal* sub, int64_t s return -1; string s = str->ToStdString().substr(start, end_pos); + string sb = sub->ToStdString(); size_t pos = string::npos; + + if ( !case_sensitive ) + { + transform(s.begin(), s.end(), s.begin(), ::tolower); + transform(sb.begin(), sb.end(), sb.begin(), ::tolower); + } + if ( rfind ) - pos = s.rfind(sub->ToStdString()); + pos = s.rfind(sb); else - pos = s.find(sub->ToStdString()); + pos = s.find(sb); if ( pos == string::npos ) return -1; @@ -1193,13 +1201,14 @@ static int64_t do_find_str(zeek::StringVal* str, zeek::StringVal* sub, int64_t s ## end: An optional position for the end of the substring. A value less than ## zero (such as the default -1) means a search until the end of the ## string. +## case_sensitive: An optional position for search case insensitively ## ## Returns: The position of the substring. Returns -1 if the string wasn't ## found. Prints an error if the starting position is after the ending ## position. -function find_str%(str: string, sub: string, start: count &default=0, end: int &default=-1%) : int +function find_str%(str: string, sub: string, start: count &default=0, end: int &default=-1, case_sensitive: bool &default=T%) : int %{ - return zeek::val_mgr->Int(do_find_str(str, sub, start, end, false)); + return zeek::val_mgr->Int(do_find_str(str, sub, start, end, false, case_sensitive)); %} ## The same as :zeek:see:`find_str`, but returns the highest index matching @@ -1214,9 +1223,9 @@ function find_str%(str: string, sub: string, start: count &default=0, end: int & ## Returns: The position of the substring. Returns -1 if the string wasn't ## found. Prints an error if the starting position is after the ending ## position. -function rfind_str%(str: string, sub: string, start: count &default=0, end: int &default=-1%) : int +function rfind_str%(str: string, sub: string, start: count &default=0, end: int &default=-1, case_sensitive: bool &default=T%) : int %{ - return zeek::val_mgr->Int(do_find_str(str, sub, start, end, true)); + return zeek::val_mgr->Int(do_find_str(str, sub, start, end, true, case_sensitive)); %} ## Returns whether a string starts with a substring. From effa8c403f61e1700ceada4da82e2cb9202da34c Mon Sep 17 00:00:00 2001 From: Abdel Date: Thu, 4 Nov 2021 02:02:48 +0100 Subject: [PATCH 2/2] testing-do-find-str_case-insensitive --- testing/btest/bifs/do_find_str.zeek | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 testing/btest/bifs/do_find_str.zeek diff --git a/testing/btest/bifs/do_find_str.zeek b/testing/btest/bifs/do_find_str.zeek new file mode 100644 index 0000000000..b598b5c73a --- /dev/null +++ b/testing/btest/bifs/do_find_str.zeek @@ -0,0 +1,22 @@ +# +# @TEST-EXEC: zeek -b %INPUT >out +# @TEST-EXEC: btest-diff out + +event zeek_init() + { + local a = "this is the concatenation of HTTP fields of the fOrM of the website that I am protecting"; + local b = "form"; + local c = "FORM"; + local d = "FoRm"; + local e = "om0"; + local f = "f0rm"; + local g = "fOrm"; + + + print find_str(a, b, 0, -1, F); + print find_str(a, c, 0, -1, F); + print find_str(a, d, 0, -1, F); + print find_str(a, e, 0, -1, F); + print find_str(a, f, 0, -1, F); + print find_str(a, g, 0, -1, F); + }